GHSA-Q99M-QCV4-FPM7 Grafana Command Injection And Local File Inclusion Via Sql Expressions
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...
CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...
UBUNTU-CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...
CVE-2024-9264
Grafana CVE-2024-9264 affects the SQL Expressions experimental feature. The vulnerability arises when user input is fed into DuckDB queries without proper sanitization, allowing command injection and local file read via the DuckDB CLI if the binary is in Grafana’s PATH. Exploitation requires an a...
CVE-2024-9264 Grafana SQL Expressions allow for remote code execution
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or highe...
Grafana SQL Expressions allow for remote code execution
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or high...
PT-2024-7005
Name of the Vulnerable Software and Affected Versions
Grafana versions prior to v11.0.6+security-01
Grafana versions prior to v11.1.7+security-01
Grafana versions prior to v11.2.2+security-01
Description
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queri...
MySQL 6.0.9 - 'GeomFromWKB()' Function First Argument Geometry Value Handling Denial of Service
source: https://www.securityfocus.com/bid/37297/info MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions. An attacker can exploit these issues to crash the application, denying access to legitimate users. Versions prior to MySQL...
MySQL 6.0.9 - GeomFromWKB() Function First Argument Geometry Value Handling Denial of Service
source: https://www.securityfocus.com/bid/37297/info MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions. An attacker can exploit these...